Microsoft’s Internet Explorer web browser may have lost the #1 spot among internet users, but it continues to be a lucrative target for hackers to exploit. One such chink in the veteran web browser was recently highlighted and has since come under attack, and the Redmond software giant is working hard to release a fix to that particular IE bug any time now.
The zero-day vulnerability exploits Internet Explorer 6.0 to all browser versions up to Internet Explorer 9.0, and the bug lets hackers to exploit the flaw and install malicious software on a host PC by luring unsuspecting users to poisoned websites. Microsoft acknowledged and confirmed on its security blog earlier this week that a fix was on its way.
While Microsoft is at best vague on explaining exactly how this bug could exploit IE’s flaw and install malware on your system, detailed information can be found on independent security researchers’ blogs and other prominent security websites. According to one report, one of the poisoned websites which exploits this zero-day IE security flaw is an India-based website which covers the defense industry.
These compromised sites when viewed through Internet Explorer lets the hackers install remote access trojans called Poison Ivy and PlugX, which in turn opens the door to monitoring your PC’s activity.
In a statement, Yunsun Wee, Director of Microsoft’s Trustworthy Computing group, said, “While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online.”
Microsoft has released a temporary fix for the IE vulnerability (click here) for people who don’t want to wait till an update patch is available for download later today. For the time being, it’s advisable that IE fans temporarily shift to an alternate browser like Google Chrome, Mozilla Firefox, Opera, or Apple’s Safari until the issue is permanently resolved.